From 698408bce2a2294ab620cb70d6272f33fa75e017 Mon Sep 17 00:00:00 2001
From: Mitchell Hayenga
Date: Thu, 12 Jan 2012 15:27:20 -0600
Subject: Fix memory corruption issue with CopyStringOut()
CopyStringOut() improperly indexed setting the null character, would result in zeroing a random byte of memory after(out of bounds) the character array.
---
 src/mem/fs_translating_port_proxy.cc | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
(limited to 'src')
diff --git a/src/mem/fs_translating_port_proxy.cc b/src/mem/fs_translating_port_proxy.cc
index d202b22bd..c0898a003 100644
--- a/src/mem/fs_translating_port_proxy.cc
+++ b/src/mem/fs_translating_port_proxy.cc
@@ -138,15 +138,19 @@ CopyIn(ThreadContext *tc, Addr dest, void *source, size_t cplen)
 void
 CopyStringOut(ThreadContext *tc, char *dst, Addr vaddr, size_t maxlen)
 {
- int len = 0;
 char *start = dst;
 FSTranslatingPortProxy* vp = tc->getVirtProxy();
- do {
- vp->readBlob(vaddr++, (uint8_t*)dst++, 1);
- } while (len < maxlen && start[len++] != 0 );
+ bool foundNull = false;
+ while ((dst - start + 1) < maxlen && !foundNull) {
+ vp->readBlob(vaddr++, (uint8_t*)dst, 1);
+ if (dst == '\0')
+ foundNull = true;
+ dst++;
+ }
- dst[len] = 0;
+ if (!foundNull)
+ *dst = '\0';
 }
 void
--
cgit v1.2.3
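Review bot: The terminator test in the new loop, `if (dst == '\0')`, compares the pointer itself with zero rather than the byte just read, so `foundNull` is never set and the loop always copies `maxlen - 1` bytes. The destination stays in bounds and ends up terminated, but the copy keeps reading guest virtual memory past the end of the string, which may reach addresses the string never occupied; the line should read `if (*dst == '\0')`. Separately, when `maxlen` is 0 the loop is skipped and `*dst = '\0'` still writes one byte, so an early `if (maxlen == 0) return;` would close that case. The loop condition `(dst - start + 1) < maxlen` also mixes a signed pointer difference with `size_t`; an explicit cast, `(size_t)(dst - start) + 1 < maxlen`, would make the intended comparison visible.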